Comment 0 for bug 1900983

Kai Dietrich (0cs935kb517wwm-mail) wrote : Multiple heap buffer overflows by integer overflow

The CImg library uses an unsafe pattern to calculate memory allocation sizes. At least in the PNM file format parser, an attacker can trivially supply width/height fields that overflow the heap and result in arbitrary heap writes. This probably also affects other file parsers in CImg.

The most prominent user of CImg is gmic.

The issue is public and fixed in:
https://github.com/dtschump/CImg/pull/295
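
Added example, not part of the original comment and not code from CImg or from the linked pull request: a generic illustration of the allocation-size pattern the report describes, with an unchecked product next to a checked one. The function names, the 32-bit arithmetic and the 1 GiB cap are assumptions chosen for the illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>

// Unchecked pattern: the product wraps modulo 2^32 without any error.
// Fixed 32-bit arithmetic is used so the wrap is identical on every platform.
std::uint32_t unchecked_alloc_size(std::uint32_t width, std::uint32_t height,
                                   std::uint32_t channels, std::uint32_t elem_size) {
    return width * height * channels * elem_size;
}

// Checked pattern: reject zero dimensions and any product above max_bytes.
// Returns true and stores the byte count in *out only when the size is safe.
bool checked_alloc_size(std::uint64_t width, std::uint64_t height,
                        std::uint64_t channels, std::uint64_t elem_size,
                        std::uint64_t max_bytes, std::size_t *out) {
    const std::uint64_t dims[] = {width, height, channels, elem_size};
    std::uint64_t total = 1;
    for (std::uint64_t d : dims) {
        if (d == 0) return false;
        if (total > max_bytes / d) return false;  // total * d would exceed max_bytes
        total *= d;
    }
    if (total > std::numeric_limits<std::size_t>::max()) return false;
    *out = static_cast<std::size_t>(total);
    return true;
}

int main() {
    // Constructed header values: 65536 x 65537 pixels, 1 channel, 1 byte each.
    const std::uint32_t w = 65536, h = 65537;
    std::printf("unchecked size: %u bytes\n", (unsigned)unchecked_alloc_size(w, h, 1, 1));
    std::size_t n = 0;
    const bool ok = checked_alloc_size(w, h, 1, 1, 1ull << 30, &n);  // 1 GiB cap (assumed)
    std::printf("checked: %s\n", ok ? "accepted" : "rejected");
    return 0;
}
```

With the constructed dimensions the unchecked product comes out far smaller than the pixel count the header declares, which is the mismatch between buffer size and subsequent writes that the report describes; the checked version rejects the header before any allocation.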